Using PostgreSQL for NSS databases

I'm making this post here in hopes I may save someone from beating
their head against the wall like I did...

I am writing a custom Name Service Switch (NSS) module to take
advantage of already existing account information in a pg database.

Under certain circumstances, processes will hang due to non-recursive
mutex locking during PG connection creation. It goes something like
this:

========================================
/etc/nsswitch.conf:

passwd: files mypgmod
group: files mypgmod
========================================

[process with euid not found in /etc/passwd, looking up another
username not found in /etc/passwd]

getpwnam_r(username, ...)

// nss doesn't find user in files module (/etc/passwd),
// so uses mypgmod

_nss_mypgmod_getpwnam_r(username, ...)

pthread_mutex_lock(...) //to protect PG connection, then...
PQconnectdb(...)

// any number of reasons to look up info in calling user's
// home directory, e.g., default password, ssl certs, etc.,
// resulting in call to getpwuid_r() to find user's homedir.

getpwuid_r(geteuid(), ...)

// nss doesn't find user in files module (/etc/passwd),
// so uses mypgmod

_nss_mypgmod_getpwuid_r(uid, ...)

pthread_mutex_lock(...) //to protect PG connection
/* HANG */

* * *

The "fix," if you can call it that, is to run nscd, the NSS caching
daemon. Typically run as root (with account info in /etc/passwd) the
second lookup will not generate a second connection attempt.

Also, there exists in many linux distros a libnss-pgsql2 package which
suffers from the exact same problem (there are some scattered posts on
the 'net about it). Same "fix" ... run nscd.

Cheers,

Daniel Popowich